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DETAILED ACTION 

Response to Amendment 

This office action is in response to application filed on June 30, 2008. Original 
application contained Claims 1-5. Applicant previously amended Claim 1, and added new 
Claims 6-15. Applicant previously amended Claims 1, 4-6, cancelled Claim 7, and added new 
Claims 16-21. Applicant currently amended Claims 1, 5-6; cancelled Claim 2. Therefore, Claims 
1, 3-6, and 8-21 are pending for further consideration. 

Response to Arguments 

Applicant's arguments filed on June 30, 2008 have been fully considered but they are not 
persuasive because of the following reasons: 

Regarding Claims 1, 3-6, and 8-21 applicants argued that the system of cited prior arts 
[Shapiro et al. (U. S. Patent 6,714,944).] does not teach "verification engine for facilitating 
Authentication of the subject by presenting the one or more selected Queries to the subject via 
the authentication client". Applicant also argued that cited prior art does not teach, "presenting 
predefined queries that require out-of-wallet data in the subject's answer". 

This is not found persuasive. The system of cited prior art does teach and describe a 
database structuring method that involves permitting access to data record by person providing 
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identifier, so that candidate has power to grand third party access to data record by 
communicating identifier to third party. A data record with unique identifier, has verifiable 
components and query result , and is established relating to candidate's personal background data , 
in digital storage medium. The identifier is communicated to candidate and access to data record 
is permitted by person providing identifier, so that candidate has power to grand third party 
access to data record by communicating identifier to third party (col.41ine 54 to col.8 line 40, and 
col.9 line 40 to col. 10 line 65). 

As a result, cited prior art does implement and teaches a system for remote user 
authentication employing information stored in multiple, independently controlled databases. 

Applicants still have failed to explicitly identify specific claim limitations, which would 
define a patentable distinction over prior arts. Therefore, the examiner asserts that cited prior art 
does teach or suggest the subject matter broadly recited in independent and subsequent 
dependent claims. Accordingly, rejections for Claims 1-16 are respectfully maintained. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 i ( a ) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 
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Claims 1, 3-6, and 8-21 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Shapiro et al. (U. S. Patent 6,714,944). 

1 . Regarding Claim 1 Shapiro teach and describe a user identity authentication system 

(summary and Fig. 1-9) comprising: 

an authentication client for requesting authentication of a subject; a user interface to 

receive the authentication request from the authentication client (col. 6 line 20 to line 34); 

multiple independently operated databases, each database storing out-of-wallet data 
associated with the subject, the associated information being accessible through predefined and 
at least one of the predefined queries requiring at least one item of out-of-wallet data in an 
answer to the query; queries to identify the subject, the predefined queries defined in advance 
by agreement with respective owners of each of the multiple independently operated databases 
(Fig. 1-3, col.6 line 20 to line 55,and col.4 line 54 to col.6 line 19); 

and a verification engine for facilitating authentication of the subject by receiving the 
authentication request, selecting one or more of the predefined queries, including at least one of 
the predefined queries that requires at least one item of out-of-wallet data in an answer to the 
query, presenting the one or more selected queries to the subject via the query, presenting the 
one or more selected queries to the subject via the authenticating client, receiving from the 
subject an answer to each of the one or more selected queries, and presenting the answer, 
including at least one item of out-of-wallet data, to the multiple independently operated 
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databases for a validation response (Fig.1-3, col.6 line 20 to col. 7 line 3, and col.4 line 54 to 
col.6 line 19). 

2. Regarding Claim 4 Shapiro teach and describe an authentication system (summary and 
Fig .1-9) comprising : 

an authentication client for desiring authentication of an authentication subject (col.6 line 
20 to line 34); 

a plurality of independent database systems storing information identifying the 
authentication subject, the identifying information being accessible through predefined queries, 
the predefined queries defined in advance by agreement with the owners of each of the 
independent database systems (Fig.1-3, col.6 line 20 to line 55, and col.4 line 54 to col.6 line 
19); 

and a verification engine to receive from the authentication subject, via the authentication 
client, an answer to each of the predefined queries, to obtain from each of the plurality of 
independent database systems a corresponding authentication confidence for each answer, and 
to combine the corresponding authentication confidence for each answer into a combined 
authentication confidence Fig.1-3, col.6 line 20 to col.7 line 3, and col.4 line 54 to col.6 line 
19). 



3. Regarding Claim 5 Shapiro teach and describe user identity authentication method 
(summary and Fig. 1-9)) comprising the steps of: 
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presenting to an authentication subject one or more predefined queries from each of 
multiple independent databases of identifying information (col.6 line 20 to line 34); receiving 
from the authentication subject an answer to each of the selected queries, the predefined queries 
defined in advance by agreement with owners of each of multiple independent databases, the 
multiple independent databases storing identifying information about the authentication subject; 
receiving from the authentication subject an answer to each of at least one of the predefined 
queries (Fig. 1-3, col.6 line 20 to line 55, and col.4 line 54 to col.6 line 19); 

presenting each answer to at least one of the multiple independent databases that has 
corresponding identifying information; obtaining from the multiple independent databases an 
authentication confidence level for each answer; and combining the authentication confidence 
level for each answer into a combined confidence level for authenticating the authentication 
subject (Fig.1-3, col.6 line 55 to col.7 line 3, and col.4 line 54 to col.6 line 19). 

4. Regarding Claim 6 Shapiro teach and describe method of authenticating the putative 
identity of a subject who is an individual, the method (summary and Fig. 1-9) comprising the 
steps of: negotiating a predetermined set of permitted types of queries with an owner of an 
independent remote, third-party database, the independent remote, third-party database 
including identifying information associated with the subject; providing a database interface for 
interacting with the independent, remote, third-party database without storing any significant 
portion of the third-party database locally, and wherein the interaction is limited to submitting a 
query among the predetermined set of permitted types of queries, and receiving from the third- 
party database a response to the permitted query; responsive to a request from a client to 
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authenticate the putative identity of the subject, forming a first query to elicit from the subject at 
least one item of information sufficient to form one of the permitted types of queries, and 
sending the first query to the subject via the client; receiving identifying information associated 
with the subject in response to first query to authenticate his identity, the received identifying 
information including at least one item of information sufficient to form one of the permitted 
types of queries; forming a permitted type of query based on the received identifying 
information; transmitting the formed query to the remote, third-party database; and receiving a 
response from the remote, third-party database wherein the database interface does not 
otherwise provide access to the remote, third-party database, so that privacy of the remote, 
third-party database content remains under control of its owner (Fig. 1-3, col.6 line 20 to col.7 
line 3, and col.4 line 54 to col.6 line 19). 

4. Claims 3 and 8-21 are rejected applied as above rejecting Claims 1, and 4-6. 
Furthermore, Shapiro teach and describe a system a method wherein: 

As per Claim 3 further comprising a personal information database coupled to the 
verification engine, the personal information database containing in-wallet data identifying the 
subject (col.7 line 56 to col.8 line 40). 

As per Claim 8, said receiving the identifying information associated with the subject 
transpires in a live interaction with the subject in person (col.9 line 41 to line 46). 

As per Claim 9, receiving the identifying information associated with the subject is 
through a computer network (Fig. 1-3, col.6 line 20 to line 34). 
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As per Claim 10, receiving the identifying information associated with the subject via the 
Internet (Fig. 1-3, and col.3 line 26 to line 43, and col.6 line 20 to line 34). 

As per Claim 1 1, the database interface enables interaction with multiple independent, 
remote, third-party databases without storing any significant portion of any of said databases 
locally, so that privacy of the remote, third-party database contents remain under control of their 
respective owners (col.7 line 36 to col.8 line 40, and col. 9 line 40 to col. 10 line 65). 

As per Claim 12, receiving responses from a plurality of the remote, third-party databases 
and assembling the responses from the multiple databases to form a result (col. 12 line 14 to line 
67). 

As per Claim 13, the associated identifying information in the database includes out-of- 
wallet data associated with the subject (col.4 line 59 to col.6 line 19). 

As per Claim 14, presenting a predetermined question to the subject; receiving an answer 
to the question; and forming the database query responsive to the answer received (col.7 line 16 
to line 55). 

As per Claim 15, forming a second question responsive to the response from the remote, 
third-party database; presenting the second question to the subject; and forming another 
database query responsive to the answer to the second question (col.7 line 56 to col.8 line 40). 

As per Claim 16, the authentication client includes an electronic commerce site (col.4 
line 59 to col.5 line 34). 

As per Claim 17, the verification engine further facilitates authentication of the subject 
by: receiving the validation responses from each of the multiple independently operated 
databases, the validation responses including a match confidence; and determining an overall 
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authentication confidence based on each of the received match confidences (col. 6 line 20 to 
col.7 line 55). 

As per Claim 18, the authentication client includes an electronic commerce site (col.4 
line 59 to col.5 line 34). 

As per Claim 19, the information identifying the authentication subject includes out-of- 
wallet data identifying the authentication subject (col. 6 line 20 to line 55). 

As per Claim 20, the one or more predefined queries are presented to the authentication 
subject via an authenticating client (col.6 line 20 to line 55). 

As per Claim 21, the identifying information includes out-of-wallet data identifying the 
authentication subject (col.6 line 20 to line 55). 



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
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CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

sz 

September 1,2008 
/Syed Zia/ 

Primary Examiner, Art Unit 2131 



